Privacy Policy

Key Health Hub Ltd ("Doktorly," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy describes how we collect, use, share, and safeguard your information when you use our digital health concierge platform.

Effective Date: January 2026
Last Updated: January 9, 2026

1. Information We Collect

1.1 Personal Information

When you use our services, we collect:

• Full name, date of birth, and gender
• Email address and WhatsApp number
• Hotel accommodation details and location
• Home address (optional, for supplement delivery)
• Payment information (processed securely through PayPal)

1.2 Health Information

We collect and process sensitive health data including:

• Laboratory test results and biomarkers
• Medical consultation notes and interpretations
• Health assessments and longevity scores
• Supplement recommendations and protocols
• Historical health data provided by you

1.3 Technical Information

• IP address, browser type, and device information
• Cookies and similar tracking technologies
• Usage data and interaction with our platform
• Geographic location data

2. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: Coordinating blood sample collection, laboratory testing, and result delivery
• Medical Consultations: Facilitating telemedicine appointments with licensed healthcare providers
• Payment Processing: Handling transactions securely through PayPal
• Communication: Sending appointment confirmations, test results, and service updates via email or WhatsApp
• Quality Improvement: Analyzing service performance and user experience
• Legal Compliance: Meeting regulatory requirements and protecting legal rights
• Supplement Coordination: Arranging delivery of recommended supplements to your address

3. Information Sharing and Disclosure

We share your information only in the following circumstances:

3.1 Medical Partners

Your health information is shared with licensed medical partners who provide laboratory testing, sample collection, and clinical interpretation services. These partners are bound by medical confidentiality and data protection obligations.

3.2 Service Providers

We may share information with trusted third parties including:

• Payment processors (PayPal) for transaction handling
• Hotel logistics partners for sample collection coordination
• Supplement suppliers for product fulfillment
• Technology providers for platform hosting and security

3.3 Legal Requirements

We may disclose information when required by law, court order, or government regulation, or to protect the rights, property, or safety of our users or others.

3.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

4. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: SSL/TLS encryption for data transmission
• Access Controls: Strict authentication and authorization protocols
• Secure Storage: Encrypted databases with regular backups
• Employee Training: Staff education on data protection and confidentiality
• Regular Audits: Security assessments and vulnerability testing
• HIPAA Compliance: Medical partners adhere to healthcare data protection standards

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you of any data breaches as required by law.

5. Your Privacy Rights

Depending on your location, you may have the following rights:

5.1 GDPR Rights (European Union/UK)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete information
• Erasure: Request deletion of your data (right to be forgotten)
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to certain types of processing
• Automated Decisions: Opt out of automated decision-making

5.2 General Rights

• Withdraw consent for data processing at any time
• Opt out of marketing communications
• Request details about data sharing with third parties
• File a complaint with a data protection authority

To exercise your rights, contact us at privacy@doktorly.com or use the contact information provided at the end of this policy.

6. Data Retention

We retain your information for the following periods:

• Medical Records: Retained by medical partners according to legal requirements (typically 7-10 years)
• Account Information: Retained while your account is active and for 2 years after closure
• Transaction Records: Retained for 7 years for tax and accounting purposes
• Marketing Data: Retained until you opt out or for 2 years of inactivity

After retention periods expire, we securely delete or anonymize your information unless longer retention is required by law.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your session and preferences
• Analyze platform usage and performance
• Provide personalized content and recommendations
• Enable social media features and integrations

You can control cookies through your browser settings, but disabling cookies may limit certain platform features.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) for EU data transfers
• Adequacy decisions by relevant data protection authorities
• Compliance with Privacy Shield frameworks where applicable

9. Children's Privacy

Our services are intended for individuals aged 18 and older. We do not knowingly collect information from children under 18. If we discover we have inadvertently collected such information, we will delete it promptly.

10. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any information.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes via:

• Email notification to your registered address
• Prominent notice on our platform
• Updated "Last Updated" date at the top of this policy

Continued use of our services after changes constitute acceptance of the updated policy.

12. Legal Basis for Processing (GDPR)

For users in the EU/UK, we process your data based on:

• Consent: You have provided explicit consent for specific processing activities
• Contract Performance: Processing is necessary to deliver services you requested
• Legal Obligation: Processing is required to comply with applicable laws
• Legitimate Interests: Processing is necessary for our legitimate business interests, balanced against your privacy rights

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Last updated: January 9, 2026